H2O versions 2.0.3 and earlier and 2.1.0-beta2 and earlier allows remote attackers to cause a denial-of-service (DoS) via format string specifiers in a template file via fastcgi, mruby, proxy, redirect or reproxy.
References
Link | Resource |
---|---|
https://github.com/h2o/h2o/issues/1077 | Patch Third Party Advisory |
https://jvn.jp/en/jp/JVN94779084/index.html | Third Party Advisory VDB Entry |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: jpcert
Published: 2017-05-12T18:00:00
Updated: 2017-05-12T17:57:01
Reserved: 2016-05-17T00:00:00
Link: CVE-2016-4864
JSON object: View
NVD Information
Status : Analyzed
Published: 2017-05-12T18:29:00.437
Modified: 2019-02-26T16:03:35.057
Link: CVE-2016-4864
JSON object: View
Redhat Information
No data.
CWE